Dropbox Drops Other Shoe in Years-Old Data Breach

Dropbox last week confirmed that more than 68 million emails and passwords have been compromised from a hack that originally was disclosed in 2012.

Dropbox Drops Other Shoe in Years-Old Data Breach

Exposure from the breach was limited to email addresses, Dropbox originally claimed. However, based on the latest revelations, the hackers actually stole hashed and salted passwords. Even so, there have been no indications that they succeeded in accessing user accounts, the company said.

The firm apologized for the belated release of the information, saying it wanted to clear up the confusion.

“We first heard rumors about this list two weeks ago and immediately began our investigation,” the company said in a statement provided by spokesperson Nick Morris. “We then emailed all users we believed were affected and completed a password reset for anyone who hadn’t updated their password since mid-2012.”

The reset ensures that even if the passwords are cracked, they can’t be used to access Dropbox accounts.

Customers who signed up for Dropbox before mid-2012 with a password they used on other services should change those passwords too, Dropbox recommended.

They should create strong, unique passwords and enable two-step verification, the company urged. They also should be alert to spam or phishing attempts, because email addresses were exposed.

For security reasons, Dropbox could not answer any specifics about investigations into the hack, such as whether any outside security experts or law enforcement agencies have been looking into the breach, Morris told the E-Commerce Times.